General
Target: 2025-06-03_50ac6f3a7f6500da75f906a6dd0d7022_black-basta_coinminer_ryuk_sliver
Size: 3.4MB
Sample: 250603-y7kpaawwex
MD5: 50ac6f3a7f6500da75f906a6dd0d7022
SHA1: 7e6516a528665dc4d308d416928de8916c15373b
SHA256: b5dc7fc4d0eebe44488c7d45b10006705f1210098fcc24bad04c0b7a553c0665
SHA512: b8bcaf2c81b259df7ccdfc8b88c1ee692f5262165c0768c40d90890b0b0661d415946734cfdc69e681970c3f1af54356e2f9e362f625487a01ace2cb3f0684f6
SSDEEP: 49152:VdZEy2B6vflQf6X8uZQoy3vR6QVQy5Z+bm4M/HMFvfGW0/7Z7Ib3jxw5b/:nHvfGfZvZj1/N/z/owJ/
Behavioral task: behavioral1
Sample: 2025-06-03_50ac6f3a7f6500da75f906a6dd0d7022_black-basta_coinminer_ryuk_sliver.exe
Resource: win10v2004-20250502-en
Malware Config
Extracted
Family: meshagent
2
PORTO
http://blueremote2.bluedu.com.br:443/agent.ashx
mesh_id: 0x358C7C4D2722C36F1BCE1F60A9FE5644D8F2F8EA5140F6150A86A52A6A4B735EB3DB213727124E193CB2998060ADC096
server_id: 09CF688FAB1FD135204D712C6D209E0AAA2D7F5A12FE300048608A24CB168269A6A855351B6FC7A913919EEFA9F0B316
wss: wss://blueremote2.bluedu.com.br:443/agent.ashx
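The extracted configuration is the most directly actionable part of this report: the agent endpoint (host, port and path of agent.ashx) and the mesh and server IDs. The Python below is an added example, not code from the report, the sandbox or the MeshAgent project. It derives indicators from the config values above and matches them against constructed proxy log lines and a constructed settings blob in the shape of a MeshAgent .msh file; the .msh key names MeshID, ServerID and MeshServer are assumed from the MeshAgent project, and the log lines, client addresses and device-group name are made up.

```python
"""IOC extraction from the extracted MeshAgent config, matched against logs.

Added example; not part of the sandbox report and not MeshAgent/MeshCentral
code. Config values are copied from the report; log lines and the .msh text
are constructed for illustration.
"""
from urllib.parse import urlsplit

# Copied from the "Extracted" block of the report.
EXTRACTED_CONFIG = {
    "c2": "http://blueremote2.bluedu.com.br:443/agent.ashx",
    "wss": "wss://blueremote2.bluedu.com.br:443/agent.ashx",
    "mesh_id": "0x358C7C4D2722C36F1BCE1F60A9FE5644D8F2F8EA5140F6150A86A52A6A4B735EB3DB213727124E193CB2998060ADC096",
    "server_id": "09CF688FAB1FD135204D712C6D209E0AAA2D7F5A12FE300048608A24CB168269A6A855351B6FC7A913919EEFA9F0B316",
}


def endpoint_iocs(cfg):
    """Collapse every URL-valued field to a (host, port, path) triple.
    Both URLs in the config are the same listener (plain HTTP form and the
    WebSocket upgrade), so they yield one triple."""
    iocs = set()
    for value in cfg.values():
        if "://" not in value:
            continue
        u = urlsplit(value)
        port = u.port or (443 if u.scheme in ("https", "wss") else 80)
        iocs.add((u.hostname.lower(), port, u.path))
    return iocs


def id_iocs(cfg):
    """Mesh and server IDs as lower-case hex without the 0x prefix."""
    return {key: cfg[key].lower().removeprefix("0x") for key in ("mesh_id", "server_id")}


# Constructed proxy log: "<ts> <client_ip> <method> <host>:<port> <path>"
SAMPLE_PROXY_LOG = [
    "2025-06-03T10:01:12Z 10.0.0.15 GET update.microsoft.com:443 /windowsupdate/",
    "2025-06-03T10:02:40Z 10.0.0.15 GET blueremote2.bluedu.com.br:443 /agent.ashx",
    "2025-06-03T10:03:01Z 10.0.0.22 GET BLUEREMOTE2.BLUEDU.COM.BR:443 /agent.ashx",
    "2025-06-03T10:04:55Z 10.0.0.31 GET bluedu.com.br:443 /index.html",
    "2025-06-03T10:05:10Z 10.0.0.40 GET blueremote2.bluedu.com.br:8080 /agent.ashx",
]


def find_c2_hits(log_lines, iocs):
    """Return (line_no, client_ip, endpoint) for every line that reaches a
    configured endpoint. Host, port and path must all match, so the apex
    domain alone or another port on the same host is not a hit; host
    comparison is case-insensitive."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue
        client, hostport, path = fields[1], fields[3], fields[4]
        host, _, port = hostport.rpartition(":")
        if not port.isdigit():
            continue
        if (host.lower(), int(port), path) in iocs:
            hits.append((n, client, f"{host.lower()}:{port}{path}"))
    return hits


# Constructed text in the shape of a MeshAgent .msh settings file. Key names
# are assumed from the MeshAgent project; ID and server values are from the report.
SAMPLE_MSH = """MeshName=constructed-device-group
MeshID=0x358C7C4D2722C36F1BCE1F60A9FE5644D8F2F8EA5140F6150A86A52A6A4B735EB3DB213727124E193CB2998060ADC096
ServerID=09CF688FAB1FD135204D712C6D209E0AAA2D7F5A12FE300048608A24CB168269A6A855351B6FC7A913919EEFA9F0B316
MeshServer=wss://blueremote2.bluedu.com.br:443/agent.ashx
"""


def find_id_matches(text, ids):
    """Names of configured IDs that occur in an arbitrary blob (a .msh file,
    a memory dump, a registry export), ignoring case and the 0x prefix."""
    haystack = text.lower()
    return sorted(name for name, value in ids.items() if value in haystack)


if __name__ == "__main__":
    iocs = endpoint_iocs(EXTRACTED_CONFIG)
    print("endpoints:", iocs)
    print("proxy hits:", find_c2_hits(SAMPLE_PROXY_LOG, iocs))
    print("ids in .msh:", find_id_matches(SAMPLE_MSH, id_iocs(EXTRACTED_CONFIG)))
```

The host-side check is the more durable of the two: the agent endpoint can be re-pointed by reinstalling with a different .msh, but mesh_id and server_id are what tie an installed agent to this particular MeshCentral server, so they are worth searching for in .msh files and memory on suspected hosts even when the network indicator has already rotated.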
Targets
Target: 2025-06-03_50ac6f3a7f6500da75f906a6dd0d7022_black-basta_coinminer_ryuk_sliver
- Detects MeshAgent payload
- Meshagent family
- Sets service image path in registry
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
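Three of the behaviours listed above (service ImagePath written, file dropped in System32, dropped file executed) map onto Sysmon event types that most environments already collect. The Python below is an added example, not code from the report or the sandbox: it runs detection logic for those behaviours over constructed Sysmon-style records (EventID 1 ProcessCreate, 11 FileCreate, 13 RegistryEvent value set). File names, service names and user names in the records are hypothetical.

```python
"""Detection logic for the behaviours in the signature list, run over
Sysmon-style events. Added example, not code from the report or the sandbox
vendor. Records are constructed; file, service and user names are hypothetical."""
import re

SYSTEM32 = "c:\\windows\\system32\\"
WINDOWS_DIR = "c:\\windows\\"
SCM = "c:\\windows\\system32\\services.exe"  # writes ImagePath on a normal CreateService
TRUSTED_SERVICE_DIRS = (WINDOWS_DIR, "c:\\program files\\", "c:\\program files (x86)\\")
# Sysmon renders the hive as HKLM\System\...; CurrentControlSet may also appear as ControlSet00N.
IMAGEPATH_RE = re.compile(
    r"^hklm\\system\\(currentcontrolset|controlset\d+)\\services\\[^\\]+\\imagepath$")
# First .exe path in an ImagePath value, with or without quotes and trailing arguments.
EXE_RE = re.compile(r'^"?([a-z]:\\[^"]*?\.exe)', re.I)

SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetFilename": r"C:\Windows\System32\agentsvc.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\AgentSvc\ImagePath",
     "Details": r'"C:\Windows\System32\agentsvc.exe"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\agentsvc.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    # Benign: the SCM writing a service entry for a Windows component.
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\wuauserv\ImagePath",
     "Details": r"C:\Windows\system32\svchost.exe -k netsvcs -p"},
    # Created through the SCM, but the binary lives in a user-writable directory.
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\ControlSet001\Services\UpdaterSvc\ImagePath",
     "Details": r"C:\Users\Public\updater.exe"},
    # Benign: a Windows process writing under System32.
    {"EventID": 11, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\System32\config\systemprofile\AppData\Local\x.tmp"},
]


def exe_from_imagepath(details):
    """Lower-cased executable path from an ImagePath value, or None."""
    m = EXE_RE.match(details.strip())
    return m.group(1).lower() if m else None


def detect(events):
    """Return (event_no, rule, detail) alerts in event order. FileCreate
    targets are remembered so a later ProcessCreate of the same path is
    reported as execution of a dropped file."""
    alerts = []
    dropped = set()
    for n, ev in enumerate(events, 1):
        eid = ev["EventID"]
        image = ev.get("Image", "").lower()
        if eid == 11:
            target = ev["TargetFilename"].lower()
            dropped.add(target)
            if target.startswith(SYSTEM32) and not image.startswith(WINDOWS_DIR):
                alerts.append((n, "Drops file in System32 directory",
                               f"{ev['Image']} created {ev['TargetFilename']}"))
        elif eid == 13 and IMAGEPATH_RE.match(ev["TargetObject"].lower()):
            exe = exe_from_imagepath(ev.get("Details", ""))
            if image != SCM:
                # A direct registry write: the sample set ImagePath itself instead of
                # going through the Service Control Manager.
                alerts.append((n, "Sets service image path in registry",
                               f"{ev['Image']} wrote {ev['TargetObject']} directly, bypassing the SCM"))
            elif exe and not exe.startswith(TRUSTED_SERVICE_DIRS):
                alerts.append((n, "Sets service image path in registry",
                               f"service binary outside trusted directories: {exe}"))
        elif eid == 1 and image in dropped:
            alerts.append((n, "Executes dropped EXE",
                           f"{ev['Image']} was created earlier in this event stream"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Two caveats. The "Checks installed software" behaviour is a registry read of the Uninstall keys, and Sysmon does not log registry reads (its registry events cover key and value creation, deletion, renaming and value sets), so that one needs a SACL on the Uninstall keys with Security event 4663, or the sandbox's own API trace. And the dropped-file correlation here is keyed only by path within one event stream; in production it should be keyed per host and aged out, otherwise every later execution of a long-lived installed binary keeps matching.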